VSinerva/nixos-conf
1
0
Fork 0
Code Activity Actions

Init

Browse source
This commit is contained in:
Vili Sinervä 2024-05-23 13:39:48 +03:00
commit be23132d54
No known key found for this signature in database
GPG key ID: DF8FEAF54EFAC996
13 changed files with 1784 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

128
base.nix Normal file
View file

@ -0,0 +1,128 @@
#Basic system config
{ config, pkgs, ... }:
{
#################### Packages ####################
environment.systemPackages = with pkgs; [
rxvt-unicode-emoji
tmux
git
unison
nano
p7zip
tree
];
#################### ZSH configuration ####################
users.defaultUserShell = pkgs.zsh;
environment.shells = with pkgs; [ zsh ];
programs.zsh = {
enable = true;
autosuggestions.enable = true;
syntaxHighlighting.enable = true;
ohMyZsh = {
enable = true;
plugins = [ "history-substring-search" "tmux" ];
theme = "af-magic";
};
interactiveShellInit =
''
ZSH_TMUX_AUTOSTART=false
ZSH_TMUX_AUTOQUIT=false
ZSH_TMUX_CONFIG=/etc/tmux.conf
'';
promptInit =
''
if [ -n "$IN_NIX_SHELL" ]; then
setopt PROMPT_SUBST
RPROMPT+='[nix]'
fi
'';
};
#################### tmux configuration ####################
programs.tmux.enable = true;
programs.tmux.extraConfig =
''
unbind C-b
set -g prefix M-w
bind M-w send-prefix
bind s split-window -v
bind v split-window -h
# Smart pane switching with awareness of Vim splits.
# bind -n C-i run "(tmux display-message -p '#{pane_current_command}' | grep -iq vim && tmux send-keys C-i) || tmux select-pane -L"
# bind -n C-n run "(tmux display-message -p '#{pane_current_command}' | grep -iq vim && tmux send-keys C-n) || tmux select-pane -D"
# bind -n C-e run "(tmux display-message -p '#{pane_current_command}' | grep -iq vim && tmux send-keys C-e) || tmux select-pane -U"
# bind -n C-o run "(tmux display-message -p '#{pane_current_command}' | grep -iq vim && tmux send-keys C-o) || tmux select-pane -R"
bind -n C-h run "(tmux display-message -p '#{pane_current_command}' | grep -iq vim && tmux send-keys C-h) || tmux select-pane -L"
bind -n C-j run "(tmux display-message -p '#{pane_current_command}' | grep -iq vim && tmux send-keys C-j) || tmux select-pane -D"
bind -n C-k run "(tmux display-message -p '#{pane_current_command}' | grep -iq vim && tmux send-keys C-k) || tmux select-pane -U"
bind -n C-l run "(tmux display-message -p '#{pane_current_command}' | grep -iq vim && tmux send-keys C-l) || tmux select-pane -R"
bind -n C-Left select-pane -L
bind -n C-Right select-pane -R
bind -n C-Up select-pane -U
bind -n C-Down select-pane -D
# resize panes more easily
# bind -r i resize-pane -L 10
# bind -r n resize-pane -D 10
# bind -r e resize-pane -U 10
# bind -r o resize-pane -R 10
bind -r h resize-pane -L 10
bind -r j resize-pane -D 10
bind -r k resize-pane -U 10
bind -r l resize-pane -R 10
bind M-c attach -c "#{pane_current_path}"
set -s escape-time 0
# unbind -n tab
'';
#################### SSH configuration ####################
services.openssh.enable = true;
services.openssh.settings.PasswordAuthentication = false;
users.users.root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBbGREoK1uVny1s8FK3KZ74Wmaf0VtifhqPyK69C/Gez vili@helium" ];
#################### BASE ####################
nixpkgs.config.allowUnfree = true;
networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
users.mutableUsers = false; # Force all user management to happen throught nix-files
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
services.xserver.layout = "us,";
services.xserver.xkbVariant = "de_se_fi,";
console = pkgs.lib.mkForce {
font = "Lat2-Terminus16";
useXkbConfig = true; # use xkbOptions in tty.
};
time.timeZone = "Europe/Helsinki";
#################### Housekeeping ####################
system.autoUpgrade = {
enable = true;
dates = "04:00";
randomizedDelaySec = "30min";
};
nix = {
settings.auto-optimise-store = true;
gc = {
automatic = true;
options = "--delete-older-than 7d";
dates = "05:00";
randomizedDelaySec = "30min";
};
};
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
system.copySystemConfiguration = true;
}

555
desktop.nix Normal file
View file

@ -0,0 +1,555 @@
#Config for graphical desktop
{ config, pkgs, ... }:
let
i3status-conf = "${pkgs.writeText "i3status-conf"
''
# i3status configuration file.
# see "man i3status" for documentation.
# It is important that this file is edited as UTF-8.
# The following line should contain a sharp s:
# ß
# If the above line is not correctly displayed, fix your editor first!
general {
output_format = "i3bar"
colors = true
interval = 5
color_good = "#2AA198"
color_bad = "#586E75"
color_degraded = "#DC322F"
}
order += "battery all"
order += "cpu_usage"
order += "memory"
order += "ethernet _first_"
order += "wireless _first_"
order += "disk /"
order += "tztime local"
order += "tztime helsinki"
cpu_usage {
format = " CPU %usage "
}
disk "/" {
# format = " hdd %avail "
format = " %avail "
}
ethernet _first_ {
format_up = " LAN: %ip "
format_down = " No LAN "
}
wireless _first_ {
format_up = " %quality%essid: %ip "
format_down = ""
}
battery all {
# format = "%status %percentage %remaining %emptytime"
format = " bat %status %percentage (%remaining left) "
format_down = ""
last_full_capacity = true
integer_battery_capacity = true
# status_chr = ""
status_chr = ""
# status_bat = "bat"
# status_bat = "☉"
# status_bat = ""
status_bat = ""
# status_unk = "?"
status_unk = ""
# status_full = ""
status_full = ""
low_threshold = 30
threshold_type = time
}
memory {
format = " RAM %used / %total "
threshold_degraded = "10%"
}
tztime local {
format = " %d.%m. %H:%M "
}
tztime helsinki {
format = " (HEL %H:%M) "
timezone = "Europe/Helsinki"
hide_if_equals_localtime = true
}
''}";
i3-conf = "${pkgs.writeText "i3config"
''
# Set mod key (Mod1=<Alt>, Mod4=<Super>)
set $mod Mod4
# Workspace names
# to display names or symbols instead of plain workspace numbers you can use
# something like: set $ws1 1:mail
# set $ws2 2:
set $ws1 1
set $ws2 2
set $ws3 3
set $ws4 4
set $ws5 5
set $ws6 6
set $ws7 7
set $ws8 8
set $ws9 9
set $ws10 10
set $ws11 11
set $ws12 12
set $ws13 13
set $ws14 14
set $ws15 15
set $ws16 16
set $ws17 17
set $ws18 18
set $ws19 19
set $ws20 20
# switch to workspace
bindsym $mod+1 workspace $ws1
bindsym $mod+2 workspace $ws2
bindsym $mod+3 workspace $ws3
bindsym $mod+4 workspace $ws4
bindsym $mod+5 workspace $ws5
bindsym $mod+6 workspace $ws6
bindsym $mod+7 workspace $ws7
bindsym $mod+8 workspace $ws8
bindsym $mod+9 workspace $ws9
bindsym $mod+0 workspace $ws10
bindsym $mod+Mod1+1 workspace $ws11
bindsym $mod+Mod1+2 workspace $ws12
bindsym $mod+Mod1+3 workspace $ws13
bindsym $mod+Mod1+4 workspace $ws14
bindsym $mod+Mod1+5 workspace $ws15
bindsym $mod+Mod1+6 workspace $ws16
bindsym $mod+Mod1+7 workspace $ws17
bindsym $mod+Mod1+8 workspace $ws18
bindsym $mod+Mod1+9 workspace $ws19
bindsym $mod+Mod1+0 workspace $ws20
# Move focused container to workspace
bindsym $mod+Ctrl+1 move container to workspace $ws1
bindsym $mod+Ctrl+2 move container to workspace $ws2
bindsym $mod+Ctrl+3 move container to workspace $ws3
bindsym $mod+Ctrl+4 move container to workspace $ws4
bindsym $mod+Ctrl+5 move container to workspace $ws5
bindsym $mod+Ctrl+6 move container to workspace $ws6
bindsym $mod+Ctrl+7 move container to workspace $ws7
bindsym $mod+Ctrl+8 move container to workspace $ws8
bindsym $mod+Ctrl+9 move container to workspace $ws9
bindsym $mod+Ctrl+0 move container to workspace $ws10
bindsym $mod+Mod1+Ctrl+1 move container to workspace $ws11
bindsym $mod+Mod1+Ctrl+2 move container to workspace $ws12
bindsym $mod+Mod1+Ctrl+3 move container to workspace $ws13
bindsym $mod+Mod1+Ctrl+4 move container to workspace $ws14
bindsym $mod+Mod1+Ctrl+5 move container to workspace $ws15
bindsym $mod+Mod1+Ctrl+6 move container to workspace $ws16
bindsym $mod+Mod1+Ctrl+7 move container to workspace $ws17
bindsym $mod+Mod1+Ctrl+8 move container to workspace $ws18
bindsym $mod+Mod1+Ctrl+9 move container to workspace $ws19
bindsym $mod+Mod1+Ctrl+0 move container to workspace $ws20
# Move to workspace with focused container
bindsym $mod+Shift+1 move container to workspace $ws1; workspace $ws1
bindsym $mod+Shift+2 move container to workspace $ws2; workspace $ws2
bindsym $mod+Shift+3 move container to workspace $ws3; workspace $ws3
bindsym $mod+Shift+4 move container to workspace $ws4; workspace $ws4
bindsym $mod+Shift+5 move container to workspace $ws5; workspace $ws5
bindsym $mod+Shift+6 move container to workspace $ws6; workspace $ws6
bindsym $mod+Shift+7 move container to workspace $ws7; workspace $ws7
bindsym $mod+Shift+8 move container to workspace $ws8; workspace $ws8
bindsym $mod+Shift+9 move container to workspace $ws9; workspace $ws9
bindsym $mod+Shift+0 move container to workspace $ws10; workspace $ws10
bindsym $mod+Mod1+Shift+1 move container to workspace $ws11; workspace $ws11
bindsym $mod+Mod1+Shift+2 move container to workspace $ws12; workspace $ws12
bindsym $mod+Mod1+Shift+3 move container to workspace $ws13; workspace $ws13
bindsym $mod+Mod1+Shift+4 move container to workspace $ws14; workspace $ws14
bindsym $mod+Mod1+Shift+5 move container to workspace $ws15; workspace $ws15
bindsym $mod+Mod1+Shift+6 move container to workspace $ws16; workspace $ws16
bindsym $mod+Mod1+Shift+7 move container to workspace $ws17; workspace $ws17
bindsym $mod+Mod1+Shift+8 move container to workspace $ws18; workspace $ws18
bindsym $mod+Mod1+Shift+9 move container to workspace $ws19; workspace $ws19
bindsym $mod+Mod1+Shift+0 move container to workspace $ws20; workspace $ws20
# Configure border style <normal|1pixel|pixel xx|none|pixel>
default_border pixel 3
default_floating_border normal
# Hide borders
hide_edge_borders none
# Font for window titles. Will also be used by the bar unless a different font
# is used in the bar {} block below.
font xft:URWGothic-Book 14
# Use Mouse+$mod to drag floating windows
floating_modifier $mod
# start a terminal
bindsym $mod+Return exec urxvt
# kill focused window
bindsym $mod+Shift+q kill
# start program launcher
bindsym $mod+d exec --no-startup-id "rofi -theme 'Arc-Dark' -show combi -combi-modes 'run,ssh' -modes combi"
# change focus
# bindsym $mod+i focus left
# bindsym $mod+n focus down
# bindsym $mod+e focus up
# bindsym $mod+o focus right
bindsym $mod+h focus left
bindsym $mod+j focus down
bindsym $mod+k focus up
bindsym $mod+l focus right
# MARK!
# alternatively, you can use the cursor keys:
bindsym $mod+Left focus left
bindsym $mod+Down focus down
bindsym $mod+Up focus up
bindsym $mod+Right focus right
# move focused window
# bindsym $mod+Shift+i move left
# bindsym $mod+Shift+n move down
# bindsym $mod+Shift+e move up
# bindsym $mod+Shift+o move right
bindsym $mod+Shift+h move left
bindsym $mod+Shift+j move down
bindsym $mod+Shift+k move up
bindsym $mod+Shift+l move right
# MARK!
# alternatively, you can use the cursor keys:
bindsym $mod+Shift+Left move left
bindsym $mod+Shift+Down move down
bindsym $mod+Shift+Up move up
bindsym $mod+Shift+Right move right
# split orientation
# bindsym $mod+h split h;exec notify-send 'tile horizontally'
bindsym $mod+e split h;exec notify-send 'tile horizontally'
# MARK!
bindsym $mod+v split v;exec notify-send 'tile vertically'
# toggle fullscreen mode for the focused container
bindsym $mod+f fullscreen toggle
# change container layout (stacked, tabbed, toggle split)
bindsym $mod+s layout stacking
bindsym $mod+w layout tabbed
# bindsym $mod+l layout toggle split
# MARK!
# toggle tiling / floating
bindsym $mod+Shift+space floating toggle
# change focus between tiling / floating windows
bindsym $mod+space focus mode_toggle
# reload the configuration file
bindsym $mod+Shift+c reload
# restart i3 inplace (preserves your layout/session, can be used to upgrade i3)
bindsym $mod+Shift+r restart
# Resize window (you can also use the mouse for that)
bindsym $mod+r mode "resize"
mode "resize" {
bindsym h resize shrink width 5 px or 5 ppt
bindsym j resize grow height 5 px or 5 ppt
bindsym k resize shrink height 5 px or 5 ppt
bindsym l resize grow width 5 px or 5 ppt
# bindsym i resize shrink width 5 px or 5 ppt
# bindsym n resize grow height 5 px or 5 ppt
# bindsym e resize shrink height 5 px or 5 ppt
# bindsym o resize grow width 5 px or 5 ppt
# MARK!
# same bindings, but for the arrow keys
bindsym Left resize shrink width 10 px or 10 ppt
bindsym Down resize grow height 10 px or 10 ppt
bindsym Up resize shrink height 10 px or 10 ppt
bindsym Right resize grow width 10 px or 10 ppt
# exit resize mode: Enter or Escape
bindsym Return mode "default"
bindsym Escape mode "default"
}
# Color palette used for the terminal ( ~/.Xresources file )
# Colors are gathered based on the documentation:
# https://i3wm.org/docs/userguide.html#xresources
# Change the variable name at the place you want to match the color
# of your terminal like this:
# [example]
# If you want your bar to have the same background color as your
# terminal background change the line 362 from:
# background #14191D
# to:
# background $term_background
# Same logic applied to everything else.
set_from_resource $term_background background
set_from_resource $term_foreground foreground
set_from_resource $term_color0 color0
set_from_resource $term_color1 color1
set_from_resource $term_color2 color2
set_from_resource $term_color3 color3
set_from_resource $term_color4 color4
set_from_resource $term_color5 color5
set_from_resource $term_color6 color6
set_from_resource $term_color7 color7
set_from_resource $term_color8 color8
set_from_resource $term_color9 color9
set_from_resource $term_color10 color10
set_from_resource $term_color11 color11
set_from_resource $term_color12 color12
set_from_resource $term_color13 color13
set_from_resource $term_color14 color14
set_from_resource $term_color15 color15
# Start i3bar to display a workspace bar (plus the system information i3status if available)
bar {
i3bar_command i3bar
status_command i3status
position bottom
## please set your primary output first. Example: 'xrandr --output eDP1 --primary'
tray_output primary
bindsym button4 nop
bindsym button5 nop
strip_workspace_numbers yes
colors {
background #222D31
statusline #F9FAF9
separator #454947
# border backgr. text
focused_workspace #F9FAF9 #16a085 #292F34
active_workspace #595B5B #353836 #FDF6E3
inactive_workspace #595B5B #222D31 #EEE8D5
binding_mode #16a085 #2C2C2C #F9FAF9
urgent_workspace #16a085 #FDF6E3 #E5201D
}
}
# Theme colors
# class border backgr. text indic. child_border
client.focused #556064 #556064 #80FFF9 #FDF6E3
client.focused_inactive #2F3D44 #2F3D44 #1ABC9C #454948
client.unfocused #2F3D44 #2F3D44 #1ABC9C #454948
client.urgent #CB4B16 #FDF6E3 #1ABC9C #268BD2
client.placeholder #000000 #0c0c0c #ffffff #000000
client.background #2B2C2B
#############################
### settings for i3-gaps: ###
#############################
# Set inner/outer gaps
gaps inner 2
gaps outer 0
# Smart gaps (gaps used if only more than one container on the workspace)
smart_gaps on
# Smart borders (draw borders around container only if it is not the only container on this workspace)
smart_borders on
# Screen brightness controls
bindcode 232 exec brightnessctl set 5%-
bindcode 233 exec --no-startup-id brightnessctl set 5%+
exec --no-startup-id nm-applet --sm-disable
''}";
Xresources = "${pkgs.writeText "Xresources" ''
Xft.dpi: 96
Xft.antialias: true
Xft.hinting: true
Xft.rgba: rgb
Xft.autohint: false
Xft.hintstyle: hintslight
Xft.lcdfilter: lcddefault
XTerm*background: #222D31
XTerm*foreground: #d8d8d8
XTerm*pointerColor: #1ABB9B
XTerm*faceName: Fixed
XTerm*faceSize: 11
XTerm*reverseVideo: on
XTerm*selectToClipboard: true
*background: #222D31
*foreground: #d8d8d8
*fading: 8
*fadeColor: black
*cursorColor: #1ABB9B
*pointerColorBackground: #2B2C2B
*pointerColorForeground: #16A085
!! black dark/light
*color0: #222D31
*color8: #585858
!! red dark/light
*color1: #ab4642
*color9: #ab4642
!! green dark/light
*color2: #7E807E
*color10: #8D8F8D
!! yellow dark/light
*color3: #f7ca88
*color11: #f7ca88
!! blue dark/light
*color4: #7cafc2
*color12: #7cafc2
!! magenta dark/light
*color5: #ba8baf
*color13: #ba8baf
!! cyan dark/light
*color6: #1ABB9B
*color14: #1ABB9B
!! white dark/light
*color7: #d8d8d8
*color15: #f8f8f8
Xcursor.theme: xcursor-breeze
Xcursor.size: 0
URxvt.font: 9x15,xft:TerminessTTFNerdFontMono
! alternative font settings with 'terminus':
! URxvt.font: -xos4-terminus-medium-r-normal--16-160-72-72-c-80-iso10646-1
! URxvt.bold.font: -xos4-terminus-bold-r-normal--16-160-72-72-c-80-iso10646-1
!! terminus names see end of file!
URxvt.depth: 32
URxvt.background: [100]#0f0f0f
URxvt.foreground: #a0a0a0
URxvt*scrollBar: false
URxvt*mouseWheelScrollPage: false
URxvt*cursorBlink: true
URxvt*background: black
URxvt*saveLines: 5000
! for 'fake' transparency (without Compton) uncomment the following three lines
! URxvt*inheritPixmap: true
! URxvt*transparent: true
! URxvt*shading: 138
! Normal copy-paste keybindings without perls
URxvt.iso14755: false
URxvt.keysym.Shift-Control-V: eval:paste_clipboard
URxvt.keysym.Shift-Control-C: eval:selection_to_clipboard
!Xterm escape codes, word by word movement
URxvt.keysym.Control-Left: \033[1;5D
URxvt.keysym.Shift-Control-Left: \033[1;6D
URxvt.keysym.Control-Right: \033[1;5C
URxvt.keysym.Shift-Control-Right: \033[1;6C
URxvt.keysym.Control-Up: \033[1;5A
URxvt.keysym.Shift-Control-Up: \033[1;6A
URxvt.keysym.Control-Down: \033[1;5B
URxvt.keysym.Shift-Control-Down: \033[1;6B
''}";
in
{
environment.systemPackages = with pkgs; [
i3status rofi arandr btop
firefox
telegram-desktop
signal-desktop discord
tidal-hifi vlc pavucontrol viewnior
xfce.mousepad pcmanfm libreoffice evince
brightnessctl networkmanagerapplet
zotero
flameshot
speedcrunch
];
services = {
xserver = {
enable = true;
displayManager = {
defaultSession = "none+i3";
lightdm.enable = true;
autoLogin.enable = true;
autoLogin.user = "vili";
sessionCommands = ''${pkgs.xorg.xrdb}/bin/xrdb -merge < ${Xresources}'';
};
windowManager.i3 = {
enable = true;
configFile = i3-conf;
};
};
printing.enable = true;
avahi = {
enable = true;
nssmdns = true;
openFirewall = true;
};
};
nixpkgs.config.pulseaudio = true;
hardware.pulseaudio.enable = true;
programs.firefox = {
preferences = {
"media.ffmpeg.vaapi.enabled" = true;
};
enable = true;
preferencesStatus = "locked";
policies = {
ExtensionSettings = {
"*".installation_mode = "blocked";
"{446900e4-71c2-419f-a6a7-df9c091e268b}" = {
install_url = "https://addons.mozilla.org/firefox/downloads/latest/bitwarden-password-manager/latest.xpi";
installation_mode = "force_installed";
};
};
};
};
qt = {
enable = true;
style = "breeze";
};
systemd.services.i3statusSymlink = {
wantedBy = [ "multi-user.target" ];
description = "Symlink for i3status";
serviceConfig = {
Type = "oneshot";
User = "vili";
ExecStartPre = ''${pkgs.coreutils-full}/bin/mkdir -p /home/vili/.config/i3status'';
ExecStart = ''${pkgs.coreutils-full}/bin/ln -sf ${i3status-conf} /home/vili/.config/i3status/config'';
};
};
xdg.mime.defaultApplications = {
"application/pdf" = "org.gnome.Evince.desktop";
"text/plain" = "org.xfce.mousepad.desktop";
"inode/directory" = "pcmanfm.description";
};
security.polkit.enable = true;
}

161
development.nix Normal file
View file

@ -0,0 +1,161 @@
#Development setup
{ config, pkgs, ... }:
{
#################### Git configuration ####################
programs.git = {
enable = true;
lfs.enable = true;
config = {
user = {
email = "vili.m.sinerva@gmail.com";
name = "Vili Sinervä";
};
merge = {
ff = "true";
};
pull = {
ff = "only";
};
};
};
#################### Packages ####################
environment.systemPackages = with pkgs; [
cmake
gnumake
gcc
gdb
nodejs-slim
clang clang-tools clang-analyzer
docker-compose docker
python311
python311Packages.pip
pypy3
rustup
];
#################### Neovim configuration ####################
programs.neovim = {
enable = true;
defaultEditor = true;
viAlias = true;
vimAlias = true;
configure = {
packages.myVimPackage = with pkgs.vimPlugins; {
start = [ nerdtree nerdtree-git-plugin
vim-gitgutter vim-fugitive vim-tmux-navigator
coc-nvim coc-pairs
coc-clangd coc-cmake
coc-docker
coc-json
coc-ltex
coc-markdownlint
coc-sh
coc-toml
coc-yaml
coc-pyright
coc-tsserver
coc-rust-analyzer
];
};
customRC =
let
coc-config = "${pkgs.writeTextDir "coc-settings.json"
''
{
"workspace.ignoredFolders": [
"$HOME",
"$HOME/.cargo/**",
"$HOME/.rustup/**"
],
rust-analyzer.inlayHints.bindingModeHints.enable: true,
rust-analyzer.inlayHints.closureReturnTypeHints.enable: "always",
rust-analyzer.inlayHints.discriminantHints.enable: "always",
rust-analyzer.inlayHints.expressionAdjustmentHints.enable: "always",
rust-analyzer.inlayHints.expressionAdjustmentHints.hideOutsideUnsafe: true,
rust-analyzer.inlayHints.lifetimeElisionHints.enable: "always",
rust-analyzer.inlayHints.lifetimeElisionHints.useParameterNames: true
}
''}";
in
''
syntax on
set foldmethod=syntax
set number
" set relativenumber
set colorcolumn=100
set signcolumn=yes
let NERDTreeShowLineNumbers=1
set background=dark
set showcmd
set scrolloff=16
filetype plugin indent on
set autoindent
set shiftwidth=3
set tabstop=3
" Some servers have issues with backup files, see #649
set nobackup
set nowritebackup
" Having longer updatetime (default is 4000 ms = 4s) leads to noticeable
" delays and poor user experience
set updatetime=300
" Make <CR> to accept selected completion item or notify coc.nvim to format
" <C-g>u breaks current undo, please make your own choice.
inoremap <silent><expr> <CR> coc#pum#visible() ? coc#pum#confirm()
\: "\<C-g>u\<CR>\<c-r>=coc#on_enter()\<CR>"
" Navigate suggestion list with tab and shift-tab
inoremap <expr> <Tab> coc#pum#visible() ? coc#pum#next(1) : "\<Tab>"
inoremap <expr> <S-Tab> coc#pum#visible() ? coc#pum#prev(1) : "\<S-Tab>"
" If another buffer tries to replace NERDTree, put it in the other window, and bring back NERDTree.
autocmd BufEnter * if winnr() == winnr('h') && bufname('#') =~ 'NERD_tree_\d\+' && bufname('%') !~ 'NERD_tree_\d\+' && winnr('$') > 1 |
\ let buf=bufnr() | buffer# | execute "normal! \<C-W>w" | execute 'buffer'.buf | endif
" Start NERDTree. If a file is specified, move the cursor to its window.
autocmd StdinReadPre * let s:std_in=1
autocmd VimEnter * NERDTree | if argc() > 0 || exists('s:std_in') | wincmd p | endif
let g:coc_filetype_map = {'tex': 'latex'}
let g:coc_config_home = "${coc-config}"
let g:tmux_navigator_no_mappings = 1
" noremap <silent> <C-i> :<C-U>TmuxNavigateLeft<cr>
" noremap <silent> <C-n> :<C-U>TmuxNavigateDown<cr>
" noremap <silent> <C-e> :<C-U>TmuxNavigateUp<cr>
" noremap <silent> <C-o> :<C-U>TmuxNavigateRight<cr>
noremap <silent> <C-h> :<C-U>TmuxNavigateLeft<cr>
noremap <silent> <C-j> :<C-U>TmuxNavigateDown<cr>
noremap <silent> <C-k> :<C-U>TmuxNavigateUp<cr>
noremap <silent> <C-l> :<C-U>TmuxNavigateRight<cr>
" Noremap i h
" Noremap <S-i> <S-h>
" Noremap n j
" Noremap <S-n> <S-j>
" Noremap e k
" Noremap <S-e> <S-k>
" Noremap o l
" Noremap <S-o> <S-l>
" Noremap h i
" Noremap <S-h> <S-i>
" Noremap l o
" Noremap <S-l> <S-o>
" Noremap j e
" Noremap <S-j> <S-e>
" Nnoremap k n
" Nnoremap <S-k> <S-n>
" Let NERDTreeMapOpenExpl='\e'
'';
};
};
}

185
machine-confs/helium.nix Normal file
View file

@ -0,0 +1,185 @@
{ config, pkgs, lib, ... }:
let
unison-conf = "${pkgs.writeText "unison-conf"
''
root = /home/vili
root = ssh://nixos-cpu.vsinerva.fi//home/vili
watch = true
repeat = watch
prefer = newer
diff = diff -y -W 79 --suppress-common-lines
copyprog = rsync --inplace --compress
copyprogrest = rsync --partial --inplace --compress sshargs = -C
path = Desktop
path = Documents
path = Downloads
path = Music
path = Pictures
path = Projects
path = Public
path = School
path = Templates
path = Videos
path = Zotero
''}";
in
{
networking = {
hostName = "helium";
firewall.allowedUDPPorts = [ 51820 51821 ];
wg-quick.interfaces = {
wg0 = {
autostart = false;
address = [ "172.16.0.2/24" ];
dns = [ "192.168.0.1" "vsinerva.fi" ];
privateKeyFile = "/root/wireguard-keys/privatekey-home";
listenPort = 51820;
peers = [
{
publicKey = "f9QoYPxyaxylUcOI9cE9fE9DJoEX4c6GUtr4p+rsd34=";
allowedIPs = [ "0.0.0.0/0" ];
endpoint = "wg.vsinerva.fi:51820";
}
];
};
wg1 = {
autostart = false;
address = [ "10.100.0.7/24" ];
dns = [ "1.1.1.1" ];
privateKeyFile = "/root/wireguard-keys/privatekey-netflix";
listenPort = 51821;
peers = [
{
publicKey = "XSYHg0utIR1j7kRsWFwuWNo4RPD47KP53cVa6qDPtRE=";
allowedIPs = [ "0.0.0.0/0" "192.168.0.0/24" ];
endpoint = "netflix.vsinerva.fi:51821";
}
];
};
};
};
nix.settings = {
cores = 3;
max-jobs = 4;
};
imports = [
/mnt/nixos-conf/base.nix
/mnt/nixos-conf/vili.nix
/mnt/nixos-conf/desktop.nix
/mnt/nixos-conf/development.nix
/mnt/nixos-conf/machine-confs/libinput.nix
];
disabledModules = [ "services/x11/hardware/libinput.nix" ];
nixpkgs.overlays =
[
(final: prev:
{
moonlight-qt = prev.moonlight-qt.overrideAttrs (old: {
patches = (old.patches or []) ++ [ ./mouse-accel.patch ];
});
})
];
environment.systemPackages = with pkgs; [
zenmonitor moonlight-qt parsec-bin via
];
systemd.services = {
unisonConfSymlink = {
wantedBy = [ "multi-user.target" ];
description = "Symlink for unison conf";
serviceConfig = {
Type = "oneshot";
User = "vili";
ExecStartPre = ''${pkgs.coreutils-full}/bin/mkdir -p /home/vili/.unison'';
ExecStart = ''${pkgs.coreutils-full}/bin/ln -sf ${unison-conf} /home/vili/.unison/cpu.prf'';
};
};
unisonSync = {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
description = "unison filesync";
serviceConfig = {
Type = "exec";
User = "vili";
ExecStart = ''${pkgs.unison}/bin/unison -sshcmd ${pkgs.openssh}/bin/ssh cpu'';
};
};
};
# HARDWARE SPECIFIC
boot.initrd.kernelModules = [ "amdgpu" ];
hardware = {
opengl.extraPackages = with pkgs; [
rocmPackages.clr.icd
];
logitech.wireless = {
enable = true;
enableGraphical = true;
};
};
services = {
xserver = {
videoDrivers = [ "amdgpu" "modesetting" ];
deviceSection = ''
Option "DRI" "2"
Option "TearFree" "true"
'';
displayManager.setupCommands = ''
${pkgs.xorg.xrandr}/bin/xrandr --output DisplayPort-0 --auto --pos 0x0 --primary --output eDP --auto --pos 3840x360
'';
};
libinput.mouse = {
accelProfile = "custom";
accelPointsMotion = [ 0.00000 0.02000 0.04000 0.06000 0.08000 0.10000 0.12000 0.14000 0.16000 0.18000 0.20000 0.25250 0.31000 0.37250 0.44000 0.51250 0.59000 0.67250 0.76000 0.85250 0.95000 1.15500 1.37000 1.59500 1.83000 2.07500 2.33000 2.59500 2.87000 3.15500 3.45000 3.75500 4.07000 4.39500 4.73000 5.07500 5.43000 5.79500 6.17000 6.55500 6.95000 7.35500 7.77000 8.19500 8.63000 9.07500 9.53000 9.99500 10.47000 10.95500 11.45000 11.95000 ];
accelStepMotion = 0.05;
# accelPointsFallback = [ 0.0 10 ];
# accelPointsMotion = [ 0.0 20 ];
# accelPointsScroll = [ 0.0 30 ];
# accelStepFallback = 0.01;
# accelStepMotion = 0.02;
# accelStepScroll = 0.03;
};
redshift = {
executable = "/bin/redshift-gtk";
enable = true;
temperature = {
night = 2800;
day = 6500;
};
brightness = {
night = "0.5";
day = "1";
};
};
devmon.enable = true;
gvfs.enable = true;
udisks2.enable = true;
};
location = {
latitude = 60.17;
longitude = 24.94;
};
# Keychron Q11
services.udev.extraRules = ''
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="3434", ATTRS{idProduct}=="01e0", MODE="0660", GROUP="users", TAG+="uaccess", TAG+="udev-acl"
'';
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
}

370
machine-confs/libinput.nix Normal file
View file

@ -0,0 +1,370 @@
{ config, lib, pkgs, ... }:
with lib;
let cfg = config.services.libinput;
xorgBool = v: if v then "on" else "off";
mkConfigForDevice = deviceType: {
dev = mkOption {
type = types.nullOr types.str;
default = null;
example = "/dev/input/event0";
description = ''
Path for ${deviceType} device. Set to `null` to apply to any
auto-detected ${deviceType}.
'';
};
accelProfile = mkOption {
type = types.enum [ "flat" "adaptive" "custom" ];
default = "adaptive";
example = "flat";
description = ''
Sets the pointer acceleration profile to the given profile.
Permitted values are `adaptive`, `flat`, `custom`.
Not all devices support this option or all profiles.
If a profile is unsupported, the default profile for this is used.
`flat`: Pointer motion is accelerated by a constant
(device-specific) factor, depending on the current speed.
`adaptive`: Pointer acceleration depends on the input speed.
This is the default profile for most devices.
`custom`: Allows the user to define a custom acceleration function.
To define custom functions use the accelPoints<Fallback/Motion/Scroll>
and accelStep<Fallback/Motion/Scroll> options.
'';
};
accelSpeed = mkOption {
type = types.nullOr types.str;
default = null;
example = "-0.5";
description = ''
Cursor acceleration (how fast speed increases from minSpeed to maxSpeed).
This only applies to the flat or adaptive profile.
'';
};
accelPointsFallback = mkOption {
type = types.nullOr (types.listOf types.number);
default = null;
example = [ 0.0 1.0 2.4 2.5 ];
description = ''
Sets the points of the fallback acceleration function. The value must be a list of
floating point non-negative numbers. This only applies to the custom profile.
'';
};
accelPointsMotion = mkOption {
type = types.nullOr (types.listOf types.number);
default = null;
example = [ 0.0 1.0 2.4 2.5 ];
description = ''
Sets the points of the (pointer) motion acceleration function. The value must be a
list of floating point non-negative numbers. This only applies to the custom profile.
'';
};
accelPointsScroll = mkOption {
type = types.nullOr (types.listOf types.number);
default = null;
example = [ 0.0 1.0 2.4 2.5 ];
description = ''
Sets the points of the scroll acceleration function. The value must be a list of
floating point non-negative numbers. This only applies to the custom profile.
'';
};
accelStepFallback = mkOption {
type = types.nullOr types.number;
default = null;
example = 0.1;
description = ''
Sets the step between the points of the fallback acceleration function. When a step of
0.0 is provided, libinput's Fallback acceleration function is used. This only applies
to the custom profile.
'';
};
accelStepMotion = mkOption {
type = types.nullOr types.number;
default = null;
example = 0.1;
description = ''
Sets the step between the points of the (pointer) motion acceleration function. When a
step of 0.0 is provided, libinput's Fallback acceleration function is used. This only
applies to the custom profile.
'';
};
accelStepScroll = mkOption {
type = types.nullOr types.number;
default = null;
example = 0.1;
description = ''
Sets the step between the points of the scroll acceleration function. When a step of
0.0 is provided, libinput's Fallback acceleration function is used. This only applies
to the custom profile.
'';
};
buttonMapping = mkOption {
type = types.nullOr types.str;
default = null;
example = "1 6 3 4 5 0 7";
description = ''
Sets the logical button mapping for this device, see XSetPointerMapping(3). The string must
be a space-separated list of button mappings in the order of the logical buttons on the
device, starting with button 1. The default mapping is "1 2 3 ... 32". A mapping of 0 deac
tivates the button. Multiple buttons can have the same mapping. Invalid mapping strings are
discarded and the default mapping is used for all buttons. Buttons not specified in the
user's mapping use the default mapping. See section BUTTON MAPPING for more details.
'';
};
calibrationMatrix = mkOption {
type = types.nullOr types.str;
default = null;
example = "0.5 0 0 0 0.8 0.1 0 0 1";
description = ''
A string of 9 space-separated floating point numbers. Sets the calibration matrix to the
3x3 matrix where the first row is (abc), the second row is (def) and the third row is (ghi).
'';
};
clickMethod = mkOption {
type = types.nullOr (types.enum [ "none" "buttonareas" "clickfinger" ]);
default = null;
example = "buttonareas";
description = ''
Enables a click method. Permitted values are `none`,
`buttonareas`, `clickfinger`.
Not all devices support all methods, if an option is unsupported,
the default click method for this device is used.
'';
};
leftHanded = mkOption {
type = types.bool;
default = false;
description = "Enables left-handed button orientation, i.e. swapping left and right buttons.";
};
middleEmulation = mkOption {
type = types.bool;
default = true;
description = ''
Enables middle button emulation. When enabled, pressing the left and right buttons
simultaneously produces a middle mouse button click.
'';
};
naturalScrolling = mkOption {
type = types.bool;
default = false;
description = "Enables or disables natural scrolling behavior.";
};
scrollButton = mkOption {
type = types.nullOr types.int;
default = null;
example = 1;
description = ''
Designates a button as scroll button. If the ScrollMethod is button and the button is logically
held down, x/y axis movement is converted into scroll events.
'';
};
scrollMethod = mkOption {
type = types.enum [ "twofinger" "edge" "button" "none" ];
default = "twofinger";
example = "edge";
description = ''
Specify the scrolling method: `twofinger`, `edge`,
`button`, or `none`
'';
};
horizontalScrolling = mkOption {
type = types.bool;
default = true;
description = ''
Enables or disables horizontal scrolling. When disabled, this driver will discard any
horizontal scroll events from libinput. This does not disable horizontal scroll events
from libinput; it merely discards the horizontal axis from any scroll events.
'';
};
sendEventsMode = mkOption {
type = types.enum [ "disabled" "enabled" "disabled-on-external-mouse" ];
default = "enabled";
example = "disabled";
description = ''
Sets the send events mode to `disabled`, `enabled`,
or `disabled-on-external-mouse`
'';
};
tapping = mkOption {
type = types.bool;
default = true;
description = ''
Enables or disables tap-to-click behavior.
'';
};
tappingButtonMap = mkOption {
type = types.nullOr (types.enum [ "lrm" "lmr" ]);
default = null;
description = ''
Set the button mapping for 1/2/3-finger taps to left/right/middle or left/middle/right, respectively.
'';
};
tappingDragLock = mkOption {
type = types.bool;
default = true;
description = ''
Enables or disables drag lock during tapping behavior. When enabled, a finger up during tap-
and-drag will not immediately release the button. If the finger is set down again within the
timeout, the dragging process continues.
'';
};
transformationMatrix = mkOption {
type = types.nullOr types.str;
default = null;
example = "0.5 0 0 0 0.8 0.1 0 0 1";
description = ''
A string of 9 space-separated floating point numbers. Sets the transformation matrix to
the 3x3 matrix where the first row is (abc), the second row is (def) and the third row is (ghi).
'';
};
disableWhileTyping = mkOption {
type = types.bool;
default = false;
description = ''
Disable input method while typing.
'';
};
additionalOptions = mkOption {
type = types.lines;
default = "";
example =
''
Option "DragLockButtons" "L1 B1 L2 B2"
'';
description = ''
Additional options for libinput ${deviceType} driver. See
{manpage}`libinput(4)`
for available options.";
'';
};
};
mkX11ConfigForDevice = deviceType: matchIs: ''
Identifier "libinput ${deviceType} configuration"
MatchDriver "libinput"
MatchIs${matchIs} "${xorgBool true}"
${optionalString (cfg.${deviceType}.dev != null) ''MatchDevicePath "${cfg.${deviceType}.dev}"''}
Option "AccelProfile" "${cfg.${deviceType}.accelProfile}"
${optionalString (cfg.${deviceType}.accelSpeed != null) ''Option "AccelSpeed" "${cfg.${deviceType}.accelSpeed}"''}
${optionalString (cfg.${deviceType}.accelPointsFallback != null) ''Option "AccelPointsFallback" "${toString cfg.${deviceType}.accelPointsFallback}"''}
${optionalString (cfg.${deviceType}.accelPointsMotion != null) ''Option "AccelPointsMotion" "${toString cfg.${deviceType}.accelPointsMotion}"''}
${optionalString (cfg.${deviceType}.accelPointsScroll != null) ''Option "AccelPointsScroll" "${toString cfg.${deviceType}.accelPointsScroll}"''}
${optionalString (cfg.${deviceType}.accelStepFallback != null) ''Option "AccelStepFallback" "${toString cfg.${deviceType}.accelStepFallback}"''}
${optionalString (cfg.${deviceType}.accelStepMotion != null) ''Option "AccelStepMotion" "${toString cfg.${deviceType}.accelStepMotion}"''}
${optionalString (cfg.${deviceType}.accelStepScroll != null) ''Option "AccelStepScroll" "${toString cfg.${deviceType}.accelStepScroll}"''}
${optionalString (cfg.${deviceType}.buttonMapping != null) ''Option "ButtonMapping" "${cfg.${deviceType}.buttonMapping}"''}
${optionalString (cfg.${deviceType}.calibrationMatrix != null) ''Option "CalibrationMatrix" "${cfg.${deviceType}.calibrationMatrix}"''}
${optionalString (cfg.${deviceType}.transformationMatrix != null) ''Option "TransformationMatrix" "${cfg.${deviceType}.transformationMatrix}"''}
${optionalString (cfg.${deviceType}.clickMethod != null) ''Option "ClickMethod" "${cfg.${deviceType}.clickMethod}"''}
Option "LeftHanded" "${xorgBool cfg.${deviceType}.leftHanded}"
Option "MiddleEmulation" "${xorgBool cfg.${deviceType}.middleEmulation}"
Option "NaturalScrolling" "${xorgBool cfg.${deviceType}.naturalScrolling}"
${optionalString (cfg.${deviceType}.scrollButton != null) ''Option "ScrollButton" "${toString cfg.${deviceType}.scrollButton}"''}
Option "ScrollMethod" "${cfg.${deviceType}.scrollMethod}"
Option "HorizontalScrolling" "${xorgBool cfg.${deviceType}.horizontalScrolling}"
Option "SendEventsMode" "${cfg.${deviceType}.sendEventsMode}"
Option "Tapping" "${xorgBool cfg.${deviceType}.tapping}"
${optionalString (cfg.${deviceType}.tappingButtonMap != null) ''Option "TappingButtonMap" "${cfg.${deviceType}.tappingButtonMap}"''}
Option "TappingDragLock" "${xorgBool cfg.${deviceType}.tappingDragLock}"
Option "DisableWhileTyping" "${xorgBool cfg.${deviceType}.disableWhileTyping}"
${cfg.${deviceType}.additionalOptions}
'';
in {
imports =
(map (option: mkRenamedOptionModule ([ "services" "xserver" "libinput" option ]) [ "services" "libinput" "touchpad" option ]) [
"accelProfile"
"accelSpeed"
"buttonMapping"
"calibrationMatrix"
"clickMethod"
"leftHanded"
"middleEmulation"
"naturalScrolling"
"scrollButton"
"scrollMethod"
"horizontalScrolling"
"sendEventsMode"
"tapping"
"tappingButtonMap"
"tappingDragLock"
"transformationMatrix"
"disableWhileTyping"
"additionalOptions"
]) ++ [
(mkRenamedOptionModule [ "services" "xserver" "libinput" "enable" ] [ "services" "libinput" "enable" ])
(mkRenamedOptionModule [ "services" "xserver" "libinput" "mouse" ] [ "services" "libinput" "mouse" ])
(mkRenamedOptionModule [ "services" "xserver" "libinput" "touchpad" ] [ "services" "libinput" "touchpad" ])
];
options = {
services.libinput = {
enable = mkEnableOption "libinput" // {
default = config.services.xserver.enable;
defaultText = lib.literalExpression "config.services.xserver.enable";
};
mouse = mkConfigForDevice "mouse";
touchpad = mkConfigForDevice "touchpad";
};
};
config = mkIf cfg.enable {
services.xserver.modules = [ pkgs.xorg.xf86inputlibinput ];
environment.systemPackages = [ pkgs.xorg.xf86inputlibinput ];
environment.etc =
let cfgPath = "X11/xorg.conf.d/40-libinput.conf";
in {
${cfgPath} = {
source = pkgs.xorg.xf86inputlibinput.out + "/share/" + cfgPath;
};
};
services.udev.packages = [ pkgs.libinput.out ];
services.xserver.inputClassSections = [
(mkX11ConfigForDevice "mouse" "Pointer")
(mkX11ConfigForDevice "touchpad" "Touchpad")
];
assertions = [
# already present in synaptics.nix
/* {
assertion = !config.services.xserver.synaptics.enable;
message = "Synaptics and libinput are incompatible, you cannot enable both (in services.xserver).";
} */
];
};
}

13
machine-confs/mouse-accel.patch Normal file
View file

@ -0,0 +1,13 @@
diff --git a/app/streaming/input/input.cpp b/app/streaming/input/input.cpp
index fb11938b..5c0eb22e 100644
--- a/app/streaming/input/input.cpp
+++ b/app/streaming/input/input.cpp
@@ -47,7 +47,7 @@ SdlInputHandler::SdlInputHandler(StreamingPreferences& prefs, int streamWidth, i
// Otherwise, we'll use raw input capture which is straight from the device
// without modification by the OS.
SDL_SetHintWithPriority(SDL_HINT_MOUSE_RELATIVE_MODE_WARP,
- prefs.absoluteMouseMode ? "1" : "0",
+ prefs.absoluteMouseMode ? "1" : "1",
SDL_HINT_OVERRIDE);
#if !SDL_VERSION_ATLEAST(2, 0, 15)

18
machine-confs/nixos-cpu.nix Normal file
View file

@ -0,0 +1,18 @@
{ config, pkgs, ... }:
{
networking.hostName = "nixos-cpu";
imports = [
/mnt/nixos-conf/base.nix
/mnt/nixos-conf/development.nix
/mnt/nixos-conf/vili.nix
];
# HARDWARE SPECIFIC
services.qemuGuest.enable = true;
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
}

17
machine-confs/vaultwarden.nix Normal file
View file

@ -0,0 +1,17 @@
{ config, pkgs, ... }:
{
networking.hostName = "vaultwarden";
imports = [
/mnt/nixos-conf/base.nix
/mnt/nixos-conf/vaultwarden.nix
];
# HARDWARE SPECIFIC
services.qemuGuest.enable = true;
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
}

149
machine-confs/wg-rpi-configuration.nix Normal file
View file

@ -0,0 +1,149 @@
{ config, pkgs, lib, ... }:
let
SSID = "ENTER_SSID";
SSIDpassword = "ENTER_PASSWORD";
interface = "wlan0";
wg_interface = "end0";
hostname = "netflix-huijaus";
ssh-authorizedKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBbGREoK1uVny1s8FK3KZ74Wmaf0VtifhqPyK69C/Gez vili@helium";
ddPassFile = "/root/wg-conf/ddPassFile";
in {
environment.systemPackages = with pkgs; [ vim wireguard-tools qrencode ];
# enable NAT
networking.nat.enable = true;
networking.nat.externalInterface = wg_interface;
networking.nat.internalInterfaces = [ "wg0" ];
networking.firewall = {
allowedUDPPorts = [ 51821 ];
};
networking.wireguard.interfaces = {
# "wg0" is the network interface name. You can name the interface arbitrarily.
wg0 = {
# Determines the IP address and subnet of the server's end of the tunnel interface.
ips = [ "10.100.0.1/24" ];
# The port that WireGuard listens to. Must be accessible by the client.
listenPort = 51821;
# This allows the wireguard server to route your traffic to the internet and hence be like a VPN
# For this to work you have to set the dnsserver IP of your router (or dnsserver of choice) in your clients
postSetup = ''
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o ${wg_interface} -j MASQUERADE
'';
# This undoes the above command
postShutdown = ''
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o ${wg_interface} -j MASQUERADE
'';
# Path to the private key file.
#
# Note: The private key can also be included inline via the privateKey option,
# but this makes the private key world-readable; thus, using privateKeyFile is
# recommended.
privateKeyFile = "/root/wg-conf/private";
peers = [
{ # Vili Android
publicKey = "niKpC3+Pi4HrYITlzROzqRcxzfzRw1rjpxeJVOr/WAw=";
allowedIPs = [ "10.100.0.2/32" ];
}
{ # Miika Puhelin
publicKey = "mcOs94W9jqn3SGgc8uWbnmUv0tja/P6tAvaCg3WYKlY=";
allowedIPs = [ "10.100.0.3/32" ];
}
{ # Miika Kone
publicKey = "7m7wnwNlmxZfUNvUOYNh4mTNbOsig7z2K/svUhDHFDY=";
allowedIPs = [ "10.100.0.4/32" ];
}
{ # Silja Puhelin
publicKey = "f6wWd6KD63xwnKkre/ZgZxPJv9GfAXK9Zx/EQEq8cik=";
allowedIPs = [ "10.100.0.5/32" ];
}
{ # Silja Kone
publicKey = "t9cmHc6/+0njdzsTFnnhEGKfhCa2VXFrTH9hF1jOCXw=";
allowedIPs = [ "10.100.0.6/32" ];
}
{ # Vili helium
publicKey = "iGO375NT9EK5LH+E9vjPRRJp+UM4rZ2d1RMVR3f5R0c=";
allowedIPs = [ "10.100.0.7/32" ];
}
];
};
};
services.ddclient = {
enable = true;
domains = [ "netflood.ddnsfree.com" ];
use = "web, web=checkip.dynu.com/, web-skip='IP Address'";
server = "api.dynu.com";
username = "VSinerva";
passwordFile = ddPassFile;
};
#################### EVERYTHING BELOW THIS SHOULD NOT NEED TO CHANGE ####################
boot = {
kernelPackages = pkgs.linuxKernel.packages.linux_rpi4;
initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" ];
loader = {
grub.enable = false;
generic-extlinux-compatible.enable = true;
};
};
fileSystems = {
"/" = {
device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4";
options = [ "noatime" ];
};
};
networking = {
hostName = hostname;
wireless = {
enable = false;
networks."${SSID}".psk = SSIDpassword;
interfaces = [ interface ];
};
};
#################### SSH configuration ####################
services.openssh.enable = true;
services.openssh.settings.PasswordAuthentication = false;
users.users.root.openssh.authorizedKeys.keys = [ ssh-authorizedKey ];
#################### BASE ####################
users.mutableUsers = false;
users.users.root.hashedPassword = "!";
nixpkgs.config.allowUnfree = true;
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
services.xserver.layout = "us,";
services.xserver.xkbVariant = "de_se_fi,";
console = pkgs.lib.mkForce {
font = "Lat2-Terminus16";
useXkbConfig = true; # use xkbOptions in tty.
};
time.timeZone = "Europe/Helsinki";
#################### Housekeeping ####################
system.autoUpgrade.enable = true;
nix.gc.automatic = true;
nix.gc.options = "--delete-older-than 7d";
nix.gc.dates = "weekly";
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
system.copySystemConfiguration = true;
hardware.enableRedistributableFirmware = true;
system.stateVersion = "23.11";
}

99
nextcloud.nix Normal file
View file

@ -0,0 +1,99 @@
# Nextcloud instance
{ config, pkgs, ... }:
{
networking.firewall.allowedTCPPorts = [ 80 443 ];
networking.firewall.allowedUDPPorts = [ 443 ];
services.nextcloud = {
package = pkgs.nextcloud28;
enable = true;
hostName = "nextcloud.vsinerva.fi";
autoUpdateApps.enable = true;
https = true;
maxUploadSize = "10G";
config = {
overwriteProtocol = "https";
adminpassFile = "/var/lib/nextcloud/adminpass";
};
};
services.nginx.virtualHosts =
{
${config.services.nextcloud.hostName} = {
forceSSL = true;
kTLS = true;
sslCertificate = "/var/lib/nextcloud/nextcloud_fullchain.pem";
sslCertificateKey = "/var/lib/nextcloud/nextcloud_privkey.pem";
locations = {
"/".proxyWebsockets = true;
"~ ^\/nextcloud\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy)\.php(?:$|\/)" = {};
};
};
};
services.nginx.virtualHosts."collabora.vsinerva.fi" =
{
forceSSL = true;
sslCertificate = "/var/lib/nextcloud/collabora_fullchain.pem";
sslCertificateKey = "/var/lib/nextcloud/collabora_privkey.pem";
locations = {
# static files
"^~ /loleaflet" = {
proxyPass = "https://localhost:9980";
extraConfig = ''
proxy_set_header Host $host;
'';
};
# WOPI discovery URL
"^~ /hosting/discovery" = {
proxyPass = "https://localhost:9980";
extraConfig = ''
proxy_set_header Host $host;
'';
};
# Capabilities
"^~ /hosting/capabilities" = {
proxyPass = "https://localhost:9980";
extraConfig = ''
proxy_set_header Host $host;
'';
};
# download, presentation, image upload and websocket
"~ ^/lool" = {
proxyPass = "https://localhost:9980";
extraConfig = ''
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_read_timeout 36000s;
'';
};
# Admin Console websocket
"^~ /lool/adminws" = {
proxyPass = "https://localhost:9980";
extraConfig = ''
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_read_timeout 36000s;
'';
};
};
};
virtualisation.oci-containers = {
backend = "docker";
containers.collabora = {
image = "collabora/code";
ports = ["9980:9980"];
environment = {
domain = "collabora.vsinerva.fi";
extra_params = "--o:ssl.enable=true --o:ssl.termination=true";
};
extraOptions = ["--cap-add" "MKNOD"];
};
};
}

20
nfs-server.nix Normal file
View file

@ -0,0 +1,20 @@
#Main local NFS server with /home/vili etc.
{ config, pkgs, ... }:
{
networking.firewall.allowedTCPPorts = [ 111 2049 4000 4001 4002 20048 ];
networking.firewall.allowedUDPPorts = [ 111 2049 4000 4001 4002 20048 ];
services.nfs.server =
{
enable = true;
# fixed rpc.statd port; for (proxmox) firewall
statdPort = 4000;
lockdPort = 4001;
mountdPort = 4002;
extraNfsdConfig = '''';
createMountPoints = true;
exports = ''
/mnt/srv/nixos-conf 192.168.0.0/23(rw,no_root_squash) 172.16.0.0/24(rw,no_root_squash) 192.168.2.0/23(no_root_squash) 192.168.4.0/22(no_root_squash) 192.168.8.0/23(no_root_squash)
'';
};
}

49
vaultwarden.nix Normal file
View file

@ -0,0 +1,49 @@
# Nextcloud instance
{ config, pkgs, ... }:
{
networking.firewall.allowedTCPPorts = [ 80 443 ];
networking.firewall.allowedUDPPorts = [ 443 ];
services = {
vaultwarden = {
enable = true;
environmentFile = "/var/lib/vaultwarden/vaultwarden.env";
config = {
DOMAIN = "https://vaultwarden.vsinerva.fi";
LOGIN_RATELIMIT_MAX_BURST = 10;
LOGIN_RATELIMIT_SECONDS = 60;
ADMIN_RATELIMIT_MAX_BURST = 10;
ADMIN_RATELIMIT_SECONDS = 60;
SENDS_ALLOWED = true;
EMERGENCY_ACCESS_ALLOWED = true;
WEB_VAULT_ENABLED = true;
SIGNUPS_ALLOWED = true;
SIGNUPS_VERIFY = true;
SIGNUPS_VERIFY_RESEND_TIME = 3600;
SIGNUPS_VERIFY_RESEND_LIMIT = 5;
SMTP_HOST = "smtp.gmail.com";
SMTP_FROM = "vmsskv12@gmail.com";
SMTP_FROM_NAME = "Vaultwarden";
SMTP_SECURITY = "force_tls";
SMTP_PRT = 587;
SMTP_USERNAME = "vmsskv12@gmail.com";
SMTP_AUTH_MECHANISM = "Login";
};
};
nginx = {
enable = true;
recommendedGzipSettings = true;
virtualHosts."vaultwarden.vsinerva.fi" = {
forceSSL = true;
kTLS = true;
sslCertificate = "/var/lib/vaultwarden/fullchain.pem";
sslCertificateKey = "/var/lib/vaultwarden/privkey.pem";
locations."/" = {
proxyPass = "http://127.0.0.1:8000";
};
};
};
};
}

20
vili.nix Normal file
View file

@ -0,0 +1,20 @@
#Config for main user 'vili'
{ config, pkgs, ... }:
{
users.users.vili = {
isNormalUser = true;
home = "/home/vili";
description = "Vili Sinervä";
uid = 1000;
extraGroups = [ "wheel" "networkmanager" "audio" ];
openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBbGREoK1uVny1s8FK3KZ74Wmaf0VtifhqPyK69C/Gez vili@helium" ];
hashedPasswordFile = "/home/vili/.hashedPasswordFile";
};
users.groups.vili.gid = 1000;
programs.ssh = {
startAgent = true;
enableAskPassword = false;
};
}